Drone

Drone not seeing nor syncing forked repo

Here’s the setup:
I’m part of Org A that has a private repo MyRepo
I’m also part of Org B and I’ve forked MyRepo into Org B from Org A
I have Drone setup to sync all repos from Org B.
MyRepo is not showing up in Drone.

It seems like this shouldn’t be a problem, but it’s not working like I’d expect it to. This isn’t a fork that has been created before, deleted, and then recreated; I verified that the repo doesn’t show up in the repos table in the database. I’ve manually run sync’s and I’ve restarted the Drone Server to no avail. I’m running Drone 1.5.

you can enable trace logs on the server, which should provide you detailed insight into what Drone is doing and why. Every repository that is returned from github (via /user/repos) will have some corresponding entry in the logs.

https://<my-drone-instance>/api/user/repos does not contain the repo in question. I enabled trace logging but the repo is not listed in the trace when the sync happens. If I query GitHub’s api manually both for org repos and my repos, it does show up (using their hub utility): hub api orgs/myorg/repos and hub api user/repos

sorry, I was referring to api.github.com/user/repos. when you synchronize your repository list, every repository returned from that github endpoint is written to the logs. In order to help you I need to see the full trace logs from a synchronize / batch.

Thanks for your continued help! The repo in question is returned when I manually hit that GitHub endpoint, but I do not see it in the sync logs from Drone. Can I email you the trace log rather than attach to or link here?

all repositories returned from github are written to the logs here:

the lack of entry in the logs indicates the github endpoint did not return the repository in question. Keep in mind that the credentials used with hub may have different authorization grants than the token used by Drone. Also, organizations can put access control policies in place that limit an application’s access to data.

I’m not sure where I’m going wrong on this one then. I am the owner of Org B, I don’t believe I’ve limited permissions in any way that would limit this particular repo from showing up in Drone (and while I don’t own Org A, just a collaborator on the one repo I’ve forked, I don’t think that would have any effect on the Repo since I’ve forked it into Org B). I didn’t modify the OAuth Scope when I setup Drone. The only difference between this forked repo and all of the other ones in my org that I noticed was that I was not set as a collaborator, just assigned to it as a Team member with Admin permissions (not that it should matter since I own the Org). I set myself as a collaborator but that didn’t affect it either. I also revoked Drone’s permissions from my personal github account and logged out and back into Drone to reauthorize and tried again to no avail as well. Any suggestions or thoughts on what I could be missing?

Here are some tips to debug:

  1. find the authorization entry for drone in github (at https://github.com/settings/applications) and check to make sure the organization is authorized
  2. check the organization settings (for both organizations) and check for security settings that might be restricting application access to data
  3. list all remote repositories using drone.acme.com/api/user/remote/repos. This is a direct copy of everything drone gets from github
  4. find a specific remote repository using drone.acme.com/api/user/remote/repos/:namespace/:name. this is a direct copy of the results drone gets from github when querying a single repository. An error such as Not Found could indicate no permission to view.
  5. set DRONE_GITHUB_DEBUG=true which will dump the http response for all GitHub API calls to stdout. Once enabled hit the above two endpoints. It will produce megabytes of data but will let you see everything GitHub is sending back to Drone when making the API requests. Do you see your repository?
  6. fish the oauth2 token out of the users table in the database for your account and hit the api.github.com/user/repos endpoint directly with curl. what are the results and does it rule anything out or prove anything?

the above steps should allow you to draw one of two conclusions:

  • the github token is not authorized to access your repository and the api.github.com/user/repos does not include the repository. If this happens, contact github support (which is superb) and provide them the application id and your repository name and ask for help
  • there is a problem with drone where it has access to the repository and it is visible in api.github.com/user/repos but somehow it is being lost in translation between github and drone. In this case the data from steps 3, 4, 5, the http dumps, and the trace logs from syncing would be required to triage further.

I hope this helps.

These steps are a huge help, thanks so much! Here’s the results of the troubleshooting thus far. Step 5 didn’t seem to have any effect; there’s no extra data in the logs. I can see in the dumped config from using trace that debug was set to true, so I know I’m setting the variable right.

  1. Verified org is authorized
  2. No blocks in my org, I checked with the owner of the other and he hasn’t implemented any on his end
  3. The repo does not show in this list
  4. The repo does show when I load it specifically
  5. Didn’t seem to add anything additional to the log, is this logged in a different place?
  6. I grabbed the token from the DB and manually ran a cURL request to https://github.com/api/repos/orgb/myrepo and I did see the repo information.

Based on this, it seems there’s a disconnect in Drone somewhere. I thought maybe it was because of how many repos we have (262), but it seems that Drone does check for paginated results of the API call and follows them. I have copies of the results of 3 and 4 as well as the trace. If you can give me some hints on where the github debug logs might be, I can add that in and send it over.

As another quick test, I retrieved three, 100-item pages of repos using api.github.com/user/repos to get all of my repos and the repo does not appear in this list either, but I can access it directly using the same token. I think this warrants contacting github support first. stay tuned!

I am seeing this behavior also, and would love to see where this ends up!

Unfortunately I’m still in the same position. I contacted github support and they said they’d pass it along to their internal team and I have yet to hear back; and it still doesn’t work. If I duplicate the repo, rather than fork it, it does show up in Drone. Not the most elegant solution as we can’t send PR’s upstream from Github; it more or less just becomes a mirror.

Thanks Matt for the update.

For others that arrive at this thread I recommend reporting to GitHub and providing them with a sample CURL request that can be used to reproduce the problem. Although Matt has not received a response from GitHub (which is unfortunate) I still recommend contacting GitHub. It is possible your issue will be routed to a different support engineer and you may have better luck getting a response. And if you do get a response, please share!